To decrypt one of the emails, he or she manipulates the ciphertext using malleability gadgets. Social engineering (K. Mitnick et al.) is used to understand basic environmental factors of the target's email client, O/S, encryption software, etc. The attacker then transmits the manipulated email to either the original sender or anyone on the CC list. The email uses new headers, and the manipulated ciphertext is hidden within an invisible iFrame. The email can be transmitted in such a way that it does not appear suspicious. Once the receiver opens the email in his client, the manipulated ciphertext is decrypted. First, the private key of the victim is used to decrypt the session key, and then this session key is used to decrypt the manipulated ciphertext. The decrypted plaintext is then sent to the attacker through an exfiltration channel (hyperlink, events to trigger it).
The obvious defense is to use only plain text to render your emails or use one of the email clients that did not succumb to this method.
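The plain-text defense can be checked on the receiving side. The following is an added example, not code from the EFAIL paper or from any mail client: it returns only the text/plain body of a message and lists the remote references in its HTML parts. The function names, the `FETCH_ATTRS` list, and the sample message with its `.example` hosts are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.policy import default
from html.parser import HTMLParser

# Assumed, non-exhaustive set of attributes that can carry a URL a
# client may request while rendering or when the user clicks.
FETCH_ATTRS = {"src", "href", "background", "action", "poster", "data"}


class ChannelFinder(HTMLParser):
    """Collects (tag, attribute, url) for each remote reference."""

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if name in FETCH_ATTRS and url.lower().startswith(("http:", "https:", "//")):
                self.found.append((tag, name, url))


def remote_channels(raw):
    """List remote references in every text/html part of a message."""
    finder = ChannelFinder()
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.found


def plain_text_view(raw):
    """Return only the text/plain body; HTML parts are never rendered."""
    body = message_from_string(raw, policy=default).get_body(("plain",))
    return body.get_content() if body is not None else ""


def build_sample():
    """Constructed message: plain part plus HTML with a hidden iframe."""
    m = EmailMessage()
    m["Subject"] = "Re: minutes"
    m.set_content("See you Monday.\n")
    m.add_alternative(
        '<p>See you Monday.</p>\n'
        '<iframe style="display:none"\n'
        ' src="https://collector.example/p"></iframe>\n'
        '<a href="https://intranet.example/">wiki</a>\n', subtype="html")
    return m.as_string()


SAMPLE = build_sample()
```

Run `remote_channels` on a message before it is displayed; a non-empty result on encrypted mail is a reason to show `plain_text_view` output only.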
Full article: https://efail.de/efail-attack-paper.pdf